Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
172
security advisorymoderateUbuntuUbuntu 23.10 USN-6591-1 Moderate: Postfix Email Auth Bypass
Postfix could allow bypass of email authentication if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-6591-1 January 22, 2024 postfix vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Postfix could allow bypass of email authentication if it received specially crafted network traffic. Software Description: - postfix: High-performance mail transport agent Details: Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found athttps://www.postfix.org/smtp-smuggling.html. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: postfix 3.8.1-2ubuntu0.1 Ubuntu 22.04 LTS: postfix 3.6.4-1ubuntu1.2 Ubuntu 20.04 LTS: postfix 3.4.13-0ubuntu1.3 Ubuntu 18.04 LTS (Available with Ubuntu Pro): postfix 3.3.0-1ubuntu0.4+esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): postfix 3.1.0-3ubuntu0.4+esm2 Ubuntu 14.04 LTS (Available with Ubuntu Pro): postfix 2.11.0-1ubuntu1.2+esm2 After a standard system update you need to enable smtpd_forbid_bare_newline in your configuration and reload it tomake all the necessary changes. References: https://ubuntu.com/security/notices/USN-6591-1 CVE-2023-51764,https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337 Package Information: https://launchpad.net/ubuntu/+source/postfix/3.8.1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.2 https://launchpad.net/ubuntu/+source/postfix/3.4.13-0ubuntu1.3 . A vulnerability in Postfix could be exploited, leading to potential email authentication breaches and increased domain spoofing threats. Update immediately.. Postfix Authentication, Email Spoofing, Ubuntu Update. . LinuxSecurity.com Team
Jan 22, 2024
Ubuntu
98
security advisorymoderateRed HatRed Hat 7: RHSA-2019-0349-01 Moderate: .NET Core Domain Spoofing
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019 Advisory ID: RHSA-2019:0349-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0349 Issue date: 2019-02-14 CVE Names: CVE-2019-0657 ==================================================================== 1. Summary: Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and 2.2.2. Security Fix(es): * .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listedin the References section. For more information, please refer to the upstream doc in the References section. 4. Solution: For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v.7): Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v.7): Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-0657 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em SeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU AvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+ 27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN cFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu SJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK eI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH JiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z oca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ /DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F +edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX 1Uwk7uAgds0=IIGV -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 14, 2019
Red Hat
89
security advisoryfedoracriticalFedora 24: 2017-c2e1dc46a1 Critical: Chromium Domain Spoofing
Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088, CVE-2017-5089. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-c2e1dc46a1 2017-06-26 19:07:17.381493 --------------------------------------------------------------------------------Name : chromium Product : Fedora 24 Version : 59.0.3071.104 Release : 1.fc24 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). --------------------------------------------------------------------------------Update Information: Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088, CVE-2017-5089 --------------------------------------------------------------------------------References: [ 1 ] Bug #1462151 - CVE-2017-5089 chromium-browser: domain spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1462151 [ 2 ] Bug #1462149 - CVE-2017-5088 chromium-browser: out of bounds read in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1462149 [ 3 ] Bug #1462148 - CVE-2017-5087 chromium-browser: sandbox escape in indexeddb https://bugzilla.redhat.com/show_bug.cgi?id=1462148 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade chromium' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jun 26, 2017
•Critical
Fedora
89
security advisoryFedorasecurity fixFedora 25: 2017-e8a1e1e62a Critical: Chromium Sandbox Escape
Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088, CVE-2017-5089. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-e8a1e1e62a 2017-06-23 14:18:21.689071 --------------------------------------------------------------------------------Name : chromium Product : Fedora 25 Version : 59.0.3071.104 Release : 1.fc25 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). --------------------------------------------------------------------------------Update Information: Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088, CVE-2017-5089 --------------------------------------------------------------------------------References: [ 1 ] Bug #1462151 - CVE-2017-5089 chromium-browser: domain spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1462151 [ 2 ] Bug #1462149 - CVE-2017-5088 chromium-browser: out of bounds read in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1462149 [ 3 ] Bug #1462148 - CVE-2017-5087 chromium-browser: sandbox escape in indexeddb https://bugzilla.redhat.com/show_bug.cgi?id=1462148 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade chromium' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jun 23, 2017
•Critical
Fedora
89
security advisoryFedoraout of boundsFedora: 2017-01e4d46f23 moderate: chromium sandbox escape
Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088, CVE-2017-5089. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-01e4d46f23 2017-06-22 13:34:50.949088 --------------------------------------------------------------------------------Name : chromium Product : Fedora 26 Version : 59.0.3071.104 Release : 1.fc26 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). --------------------------------------------------------------------------------Update Information: Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088, CVE-2017-5089 --------------------------------------------------------------------------------References: [ 1 ] Bug #1462151 - CVE-2017-5089 chromium-browser: domain spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1462151 [ 2 ] Bug #1462149 - CVE-2017-5088 chromium-browser: out of bounds read in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1462149 [ 3 ] Bug #1462148 - CVE-2017-5087 chromium-browser: sandbox escape in indexeddb https://bugzilla.redhat.com/show_bug.cgi?id=1462148 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade chromium' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jun 22, 2017
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!